No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook To Develop a Shared Narrative of Major Cyber Incidents

Presented at Black Hat USA 2022, Aug. 10, 2022, 3:20 p.m. (40 minutes).

You get a fact…and you get a fact…and you get a fact! It sounds like a meme until you realize that's how most people treat their conceptions of what happened after a major cyber incident investigation. If you asked ten people even in the infosec community right now what happened during the Colonial Pipeline hack, you'd get ten different answers that are substantially different on fundamental facts of Who, What, Where, When, Why, and How.

In December of 2021, Harvard's Belfer Center released a report based on a workshop involving over 100 international experts. Our project investigated how the aviation industry draws lessons learned from aviation incidents and how a process could be applied to cyber incident investigations. Based on this, we have created the Major Cyber Incident Investigations Playbook. This new document, pending publication at Harvard and being released here at Black Hat, is a playbook to make major cyber incident investigations more actionable by setting up an independent review board for major cyber incidents. This can be how we build a shared historical narrative.

We have condensed the deliberations over trade-offs included in the playbook into eight fundamental questions on how to conduct a major cyber investigation, and most importantly how to communicate the indisputable facts of an incident, as opposed to the opinions on the incident. We include a Crisis Sheet and Facts Sheet to help anyone who is handed this playbook for the first time *after* an incident has already occurred. The analysis included in any review board's report should not only provide lessons learned and recommendations but should also lay to rest disputes over the fundamental facts such as where the attack occurred, the name of the technologies or vulnerabilities exploited, the people harmed, and the approximate cost of the incident and cleanup.

Presenters:

  • Victoria Ontiveros - Researcher, Harvard Kennedy School
    Victoria Ontiveros is an MPP candidate at Harvard Kennedy School, concentrating in International and Global Affairs. Originally from Boston, she graduated in 2020 from Johns Hopkins University, where she majored in International Studies, East Asian Studies, and Economics. Victoria has studied Mandarin Chinese for eight years and spent a year studying abroad in Shanghai, China with support from the Boren Scholarship. Her undergraduate thesis focused on the role of the South China Sea Museum, located in Hainan, in the crafting of the national narrative of China's historic sovereignty over the contested South China Sea islands.
  • Tarah Wheeler / Pinup - CEO, Red Queen Dynamics, Inc
    Tarah Wheeler is an information security executive, social scientist in the area of international conflict, author, and poker player. She is CEO of information security consultancy Red Queen Dynamics, and a Cyber Project Fellow at the Belfer Center for Science and International Affairs at Harvard University's Kennedy School of Government. She is an International Security Fellow at New America leading a new international cybersecurity capacity building project with the Hewlett Foundation's Cyber Initiative and a US/UK Fulbright Scholar in Cyber Security. She is an Electronic Frontier Foundation advisory board member, an inaugural contributing cybersecurity expert for the Washington Post, the Brookings Institution's contributing cybersecurity editor, and a Foreign Policy contributor on cyber warfare. She is the author of the best-selling Women In Tech: Take Your Career to The Next Level With Practical Advice And Inspiring Stories. She has been Head of Offensive Security & Technical Data Privacy at Splunk & Senior Director of Engineering and Principal Security Advocate at Symantec Website Security. She has architected systems at encrypted mobile communications firm Silent Circle. She has spoken on information security at the European Union, at the Malaysian Securities Commission, for Foreign Policy, the OECD and FTC, at universities such as Stanford, American, West Point, and Oxford, and multiple governmental and industry conferences. She has two cashes and $4722 in lifetime earnings in the World Series of Poker. Reach her at @tarah.
